Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service.Entities are created recursively and large amounts of heap memory is taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process, memory will continue to be exhausted and will affect other processes on the system.
CVSS Information
N/A
Vulnerability Type
DTD中递归实体索引的不恰当限制(XML实体扩展)
Vulnerability Title
Pippo 资源管理错误漏洞
Vulnerability Description
Pippo是一款适用于嵌入式设备的开源微Web框架。 Pippo 1.12.0版本中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A